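/* NameConstraints.java -- the NameConstraints X.509 extension.
   Copyright (C) 2006 Free Software Foundation, Inc.

This file is a part of GNU Classpath.

GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Classpath; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301
USA

Linking this library statically or dynamically with other modules is
making a combined work based on this library.  Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.

As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module.  An independent module is a module which is not derived from
or based on this library.  If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so.  If you do not wish to do so, delete this
exception statement from your version.  */


package gnu.java.security.x509.ext;

import gnu.java.security.OID;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
import gnu.java.security.x509.ext.Extension.Value;

import java.io.IOException;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;

/**
 * The NameConstraints extension. From RFC 3280, section 4.2.1.11, this
 * extension is defined as:
 *
 * <pre>
  id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }

  NameConstraints ::= SEQUENCE {
    permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
    excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

  GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

  GeneralSubtree ::= SEQUENCE {
    base                    GeneralName,
    minimum         [0]     BaseDistance DEFAULT 0,
    maximum         [1]     BaseDistance OPTIONAL }

  BaseDistance ::= INTEGER (0..MAX)
</pre>
 *
 * See also the classes {@link GeneralNames} and {@link GeneralSubtree}.
 *
 * <p>Because this extension restricts which names a CA may issue for, the
 * decoder fails closed: content whose declared lengths do not add up, or
 * that carries fields after the last expected one, is rejected with an
 * {@link IOException} instead of being partially accepted.
 *
 * @author csm
 */
public class NameConstraints extends Value
{
  public static final OID ID = new OID("2.5.29.30");

  private final List<GeneralSubtree> permittedSubtrees;
  private final List<GeneralSubtree> excludedSubtrees;

  /**
   * Decodes a NameConstraints extension value.
   *
   * <p>The two optional fields are accepted only in the order given by the
   * ASN.1 definition: tag 0 (permittedSubtrees) first, then tag 1
   * (excludedSubtrees). Either field may be absent; an absent field yields
   * an empty list.
   *
   * @param encoded the encoded extension value.
   * @throws IOException if the outer value is not constructed, if a field
   *   carries an unexpected tag, if a field or entry is not constructed, or
   *   if the nested lengths are inconsistent with the enclosing value.
   */
  public NameConstraints(byte[] encoded) throws IOException
  {
    super(encoded);

    DERReader der = new DERReader(encoded);
    DERValue value = der.read();
    if (!value.isConstructed())
      {
        throw new IOException("malformed NameConstraints");
      }

    permittedSubtrees = new LinkedList<GeneralSubtree>();
    excludedSubtrees = new LinkedList<GeneralSubtree>();

    // Bytes of the outer value's content accounted for so far.
    int len = 0;
    if (len < value.getLength())
      {
        DERValue subtrees = der.read();
        if (subtrees.getTag() == 0)
          {
            readSubtrees(der, subtrees, permittedSubtrees);
            len += subtrees.getEncodedLength();

            if (len < value.getLength())
              {
                subtrees = der.read();
                if (subtrees.getTag() != 1)
                  throw new IOException("unexpected tag " + subtrees.getTag()
                                        + " (expecting 1 for excludedSubtrees)");
                readSubtrees(der, subtrees, excludedSubtrees);
                len += subtrees.getEncodedLength();
              }
          }
        else if (subtrees.getTag() == 1)
          {
            readSubtrees(der, subtrees, excludedSubtrees);
            len += subtrees.getEncodedLength();
          }
        else
          throw new IOException("unexpected tag " + subtrees.getTag()
                                + " (expecting 0 or 1)");

        // Previously anything following the last recognised field was
        // silently ignored, e.g. a permittedSubtrees placed after
        // excludedSubtrees or a repeated field. Dropping a constraint that
        // the issuer encoded would loosen validation, so reject instead.
        if (len != value.getLength())
          throw new IOException("malformed NameConstraints: content length "
                                + value.getLength() + " but fields occupy "
                                + len);
      }
  }

  /**
   * Reads the entries of one GeneralSubtrees field and appends them to
   * {@code out}.
   *
   * <p>NOTE(review): an empty field is still accepted here although the
   * ASN.1 above says {@code SIZE (1..MAX)}; confirm whether callers treat an
   * empty permitted list as "no restriction" before tightening this.
   *
   * @param der the reader, positioned just after the header of
   *   {@code subtrees}.
   * @param subtrees the field header that was just read.
   * @param out the list that receives the decoded entries.
   * @throws IOException if the field or an entry is not constructed, or if
   *   the entries do not end exactly at the field's declared length.
   */
  private static void readSubtrees(DERReader der, DERValue subtrees,
                                   List<GeneralSubtree> out)
    throws IOException
  {
    if (!subtrees.isConstructed())
      throw new IOException("malformed GeneralSubtrees");

    int consumed = 0;
    while (consumed < subtrees.getLength())
      {
        DERValue subtree = der.read();
        // GeneralSubtree is a SEQUENCE, so its encoding must be constructed.
        // Checking here also keeps the skip() below meaningful.
        if (!subtree.isConstructed())
          throw new IOException("malformed GeneralSubtree");
        out.add(new GeneralSubtree(subtree.getEncoded()));
        // The entry was decoded from its own encoding above; step the reader
        // over its content. NOTE(review): this presumes read() leaves the
        // content of a constructed value unread -- confirm in DERReader.
        der.skip(subtree.getLength());
        consumed += subtree.getEncodedLength();
      }

    // An entry that claims more bytes than its parent declares would pull
    // in data belonging to whatever follows the field.
    if (consumed != subtrees.getLength())
      throw new IOException("malformed GeneralSubtrees: declared length "
                            + subtrees.getLength() + " but entries occupy "
                            + consumed);
  }

  /**
   * Returns the permitted subtrees.
   *
   * @return an unmodifiable view of the permitted subtrees; empty if the
   *   field was absent.
   */
  public List<GeneralSubtree> permittedSubtrees()
  {
    return Collections.unmodifiableList(permittedSubtrees);
  }

  /**
   * Returns the excluded subtrees.
   *
   * @return an unmodifiable view of the excluded subtrees; empty if the
   *   field was absent.
   */
  public List<GeneralSubtree> excludedSubtrees()
  {
    return Collections.unmodifiableList(excludedSubtrees);
  }

  /**
   * Returns the class name followed by both subtree lists.
   */
  @Override
  public String toString()
  {
    return NameConstraints.class.getName() + " [ permittedSubtrees="
      + permittedSubtrees + "; excludedSubtrees=" + excludedSubtrees
      + " ]";
  }
}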